General discussion


Vicious Spyware

By jeremy ·
About a week ago I became infected with some viruses/trojans that launched the Spy Sheriff program. After deleting files and registry entries to regain control of my desktop background, I ran my norton antivirus as well as adaware and spybot s&d. After finding and removing problems with the above software, everything seemed fine until a barrage of pop-ups started, even when I didn't open my browser. I then restored my system (XP) to november 8th. Still have the pop-ups. It also makes AIM on my other networked computers log off and on about every ten minutes. Can anything fix this?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by ctrservices In reply to Vicious Spyware

If nothing else is wrong with your system except for the popups, turn off System Restore.

Boot into Safe Mode and run both your Spyware programs and AV scanner (make sure to update first), deleting anything found. If they come up with anything, rescan to make sure the second scan is clean.

Then go into msconfig and uncheck everything in the Startup tab except your spyware, AV and firewall apps. Reboot.

Hopefully, now all is back to normal. If you have any further problems, you will need to install HijackThis, scan and post the log to one of its forums.

Be sure to turn System Restore back on if all is well and create a restore point.

Collapse -

by HAL 9000 Moderator In reply to Vicious Spyware

While the above is quite right you might like to try MS's Beta Anti Spy ware tool unlike most MS products this actually works mainly because it comes from a company which MS acquired and they are incorporating this product into Vista.

It's available from

Just make sure that you run this in Safe Mode first after getting the latest updates.


Collapse -

by The_Fixer In reply to Vicious Spyware

Both of the above answers are correct. However, I have found that many times spyware has become so persistent and difficult to remove that a clean install is about the only true fix. I have run into this quite a bit with many clients and have tried many different Anti-Spyware programs. Most work well enough but don't always clean it out completely.
Also, for the future, try a different browser such as Firefox. You do lose some functionality, but it is much more secure.

Collapse -

by absolutecomputer In reply to Vicious Spyware

This program removes some adware that MS antispy doesn't seem to help with

Another option is to download hijackthis from, run it, search for the files that it finds in google and see if they are related to software that you want/need or if people say they are spyware related.

I normally start in safe mode to do this. I also agree that you should turn off system restore after you get the system cleaned so that you do not accidentally reinstall the problem later.

Go to and run their free A/V scanner....I normally follow that with Panda Activescan or I often find that Norton may miss something that another companies software will find.

Good luck

Collapse -

by dragonbill In reply to Vicious Spyware

You definitely got some great advise from those above. All I have to add is if you are like me and get persistent, Google is your friend. I had an issue at work where I could not quite get rid of a similar popup attack. I finally found a file, googled, and lo and behold a removal tool was found for that specific case. It worked and no trouble since. Yes, I ran Hijack This. Great app, but be cafeul.
Good luck!

Collapse -

by wlbowers In reply to Vicious Spyware

Turn off system restore if it is used in your os.

Download, update, and run the following.

Your AV Software.

You can currently (as of 12-4-05) get a free copy of Computer Associates etrust EZAntivirus. ?Nortons Sucks?

Microsoft Spyware Remover

Spybot: Cootie Remover

Ad-Aware: Cootie Remover

Stinger: Virus Specific Remover
This item will not update through the program. You have to download the new.

CWshredder: Trojan and Toolbar Cootie Remover

In a Cmd window
Tasklist /svc for XP
Tlist ?s for 2000
Provides you with a list of services running. Including the dreaded svchost, what is calling it.


ProcInfo provides you with a quick overview of all currently running processes and displays detailed information for a lot of them.

Below are programs that will provide you with information about what is running on startup or what is loaded currently.


StartUpList is information only. Startup, Registery, and others. You can?t fix anything from within the program.

Hijack This:

Hijack This
This program is useful in that it shows what is currently loading on startup. You must know what is good and what is bad. Once you check it and fix it is gone. So be sure. Items you are not sure of do a Google search for them.


Winaudit does an extensive audit of you computer. Complete list of installed software, dll, and other good stuff.

Everest (This replaced Aida32)

Run Your Antivirus again

Download and install all OS updates.

I have had to boot into safe mode and run the removal programs.

Good Luck Lee

Collapse -

by korgmeister In reply to Vicious Spyware

even you cleaned up every virus/spyware, when you use Internet Explorer to surf certain sites like gambling, hacking, porn, you will still get infected.

use other browser like Opera, firefox, Netscape or other browser will greatly reduce the chance of getting your hands dirty. unless the particular site cant be view except with IE, only then you use it.

Collapse -

by nobody1296 In reply to Vicious Spyware

Try the TrendMicro Free Spyware scan. It seems to be able to detect and remove things that AdAware, SpyBot and MS Anti-Spyware do not.

Related Discussions

Related Forums